#!/bin/bash
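# Date stamp (YYYYMMDD) used to name the backup of the stock repo file.
time=$(date +%Y%m%d)

# The globs are quoted so that yum matches them against package names.
# Unquoted, the shell would first try to expand them against files in the
# current directory and could pass unrelated file names to yum.
yum install wget cmake 'pcre*' 'openssl*' -y

# Replace the stock repo definition with a mirror. Only touch repo files when
# the cd succeeded; otherwise wget would drop the file into whatever directory
# the script was started from.
if cd /etc/yum.repos.d/; then
  mv CentOS-Base.repo "CentOS-Bask.backup.$time"

  # Download the NetEase (163) mirror repo file.
  # NOTE(review): this file decides where every later package comes from and is
  # fetched over plain HTTP with no checksum or signature check, so it can be
  # altered in transit. Compare it with a known-good copy and confirm it keeps
  # gpgcheck=1 before relying on it.
  if ! wget http://mirrors.163.com/.help/CentOS5-Base-163.repo; then
    echo "repo download failed; restoring the backed-up repo file" >&2
    # Put the stock definition back so yum still has a base repository.
    if [[ ! -e CentOS-Base.repo && -e "CentOS-Bask.backup.$time" ]]; then
      mv "CentOS-Bask.backup.$time" CentOS-Base.repo
    fi
  fi
  # Download the Sohu mirror repo file instead:
  #wget http://mirrors.sohu.com/help/CentOS-Base-sohu.repo
else
  echo "cannot cd to /etc/yum.repos.d/; repo files left untouched" >&2
fi

yum clean all
#yum makcache
#yum upgrade
yum install lrzsz ntp sysstat lsof -y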

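# One-off clock sync, then copy the system time to the hardware clock.
# hwclock -w and hwclock --systohc are the same option, so one call is enough.
# NOTE(review): ntpdate trusts an unauthenticated public pool; hosts whose logs
# or certificate checks depend on correct time may want an internal source.
ntpdate cn.pool.ntp.org && hwclock --systohc

# Repeat the sync every five minutes from root's crontab. The subshell makes the
# redirection cover both commands; attached to the last command only, ntpdate
# output would still be mailed by cron on every run.
ntp_cron_line='*/5 * * * * (ntpdate cn.pool.ntp.org && hwclock --systohc) > /dev/null 2>&1'

# Append only when the exact line is missing, so re-running the script does not
# stack duplicate jobs. grep's stderr is dropped because the crontab file may
# not exist yet.
if ! grep -qxF -- "$ntp_cron_line" /var/spool/cron/root 2>/dev/null; then
  echo "$ntp_cron_line" >> /var/spool/cron/root
fi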

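# Add the resolver only when it is not already listed, so repeated runs do not
# pile up duplicate entries. The glibc resolver honours only the first three
# nameserver lines, so an entry appended after three others is never used.
if ! grep -qxF -- "nameserver 202.106.0.20" /etc/resolv.conf 2>/dev/null; then
  echo "nameserver 202.106.0.20" >> /etc/resolv.conf
fi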

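# Switch SELinux to permissive for the running system.
# NOTE(review): this and the next line remove mandatory access control from the
# host. If the goal is only to stop denials from blocking services,
# SELINUX=permissive keeps the denials in the audit log for later policy work.
setenforce 0

# Persist the setting across reboots. The real file is edited here because on a
# stock CentOS install /etc/sysconfig/selinux is a symlink to it, and sed -i
# replaces a symlink with a regular file while leaving the target unchanged.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config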

##Add System Account##
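echo -n "Please Input Your Username:"
# -r keeps backslashes literal instead of treating them as escapes.
read -r username

# The name ends up in useradd, passwd and a sudoers rule, so accept only a
# conventional account name. This rejects empty input, regex metacharacters and
# sudoers syntax such as "%group", "ALL" or a name with embedded spaces.
username_re='^[a-z_][a-z0-9_-]*$'
account_ready=0

if ! [[ $username =~ $username_re ]]; then
  echo "Invalid username '$username'; no account created, no sudo rule added." >&2
elif grep -q "^${username}:" /etc/passwd; then
  echo "Add user faild because user exists!"
  sleep 2
  # NOTE(review): a pre-existing account still receives the sudo rule below,
  # as it did before this rewrite; confirm that is intended.
  account_ready=1
elif useradd "$username" && passwd "$username"; then
  sleep 2
  account_ready=1
else
  echo "Creating '$username' or setting its password failed; no sudo rule added." >&2
fi

##Add user sudo privileges###
# The rule grants unrestricted root through sudo. It is added only for an
# account that exists, only once, and only after visudo has accepted a copy of
# sudoers containing it: a syntax error in /etc/sudoers disables sudo for
# every user.
if (( account_ready )); then
  sudo_rule="$username ALL=(ALL) ALL"
  if ! grep -qxF -- "$sudo_rule" /etc/sudoers; then
    if sudoers_check=$(mktemp); then
      cat /etc/sudoers > "$sudoers_check"
      printf '%s\n' "$sudo_rule" >> "$sudoers_check"
      if visudo -c -f "$sudoers_check" > /dev/null; then
        printf '%s\n' "$sudo_rule" >> /etc/sudoers
      else
        echo "sudoers check failed; /etc/sudoers left unchanged" >&2
      fi
      rm -f -- "$sudoers_check"
    else
      echo "mktemp failed; /etc/sudoers left unchanged" >&2
    fi
  fi
fi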

### Modify the SSH configuration ###
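# Uncomment the hardening directives in sshd_config. The earlier patterns ended
# in a stray `$"` and so never matched any line, and both replacements wrote
# "PermitEmptyPassword", which is not an sshd option.
sed -i 's/#PermitEmptyPasswords no$/PermitEmptyPasswords no/g' /etc/ssh/sshd_config

# NOTE(review): this matches only a commented-out "PermitRootLogin no". If the
# file carries "#PermitRootLogin yes" the line is left alone and root login
# stays enabled; check the resulting file. Before disabling root login, confirm
# another account can log in and use sudo.
sed -i 's/#PermitRootLogin no$/PermitRootLogin no/g' /etc/ssh/sshd_config

# Skip the reverse DNS lookup of connecting clients.
sed -i 's/#UseDNS yes$/UseDNS no/g' /etc/ssh/sshd_config

# Test the edited configuration first: restarting sshd with a broken file can
# leave a remote host without SSH access.
if sshd -t; then
  /etc/rc.d/init.d/sshd restart
else
  echo "sshd_config failed validation; sshd not restarted" >&2
fi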


### Turn off unneeded services ###
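# Turn off every service currently enabled in runlevel 3, then re-enable the
# short allow-list below.
# NOTE(review): anything enabled in runlevel 3 and absent from the allow-list is
# switched off at boot. On a typical install that would include the iptables
# firewall and auditd; add them to the list if the host relies on them.
# LC_ALL=C pins the "3:on" text, which chkconfig prints translated under a
# non-English locale, so the filter would otherwise match nothing.
while read -r service_stop; do
  # stdin is detached so the command cannot consume the list being read.
  chkconfig --level 3 "$service_stop" off < /dev/null
done < <(LC_ALL=C chkconfig --list | awk '/3:on/ {print $1}')

for service_start in crond sshd network syslog; do
  chkconfig --level 3 "$service_start" on
done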

## Change default resource limits ###
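# Raise the open-file and process limits for every account. The two nofile
# lines were written twice before; each setting is now listed once and appended
# only when missing, so re-running the script does not grow limits.conf.
# NOTE(review): an nproc limit of 65535 for "*" effectively removes the
# per-user process cap that contains a runaway or fork-bombing account;
# consider scoping it to the service accounts that need it.
for limit_line in \
  "* soft nofile 65535" \
  "* hard nofile 65535" \
  "* soft nproc 65535" \
  "* hard nproc 65535"; do
  # -F treats the leading "*" literally; -x requires a whole-line match.
  if ! grep -qxF -- "$limit_line" /etc/security/limits.conf 2>/dev/null; then
    echo "$limit_line" >> /etc/security/limits.conf
  fi
done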


### Change kernel default configuration ##
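# Network tuning appended to /etc/sysctl.conf, then loaded with sysctl -p.
# NOTE(review): tcp_tw_recycle and tcp_tw_reuse both depend on TCP timestamps,
# which this list turns off, so the two settings likely have no effect as
# written. With timestamps on, tcp_tw_recycle is known to drop connections from
# clients behind a shared NAT address. Review these three values together.
sysctl_lines=(
  "net.ipv4.tcp_max_syn_backlog = 65536"
  "net.core.netdev_max_backlog = 32768"
  "net.core.somaxconn = 32768"
  "net.core.wmem_default = 8388608"
  "net.core.rmem_default = 8388608"
  "net.core.rmem_max = 16777216"
  "net.core.wmem_max = 16777216"
  "net.ipv4.tcp_timestamps = 0"
  "net.ipv4.tcp_synack_retries = 2"
  "net.ipv4.tcp_syn_retries = 2"
  "net.ipv4.tcp_tw_recycle = 1"
  "net.ipv4.tcp_tw_reuse = 1"
)

# Append each setting only when the exact line is missing, so repeated runs do
# not stack duplicates in sysctl.conf.
for sysctl_line in "${sysctl_lines[@]}"; do
  if ! grep -qxF -- "$sysctl_line" /etc/sysctl.conf 2>/dev/null; then
    echo "$sysctl_line">> /etc/sysctl.conf
  fi
done

# Only stdout is discarded: a key the running kernel rejects is reported on
# stderr instead of passing silently.
if ! sysctl -p > /dev/null; then
  echo "sysctl -p reported errors; check /etc/sysctl.conf" >&2
fi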

### Delete unneeded user accounts ##
# Remove stock system accounts this host does not use, in the listed order.
# userdel prints an error and moves on when an account is absent.
for stock_user in adm lp sync shutdown halt news uucp operator games gopher ftp; do
  userdel "$stock_user"
done

# Remove the matching stock groups. Some may already be gone at this point if
# userdel removed a user's private group along with the account.
for stock_group in adm lp news uucp games dip pppusers; do
  groupdel "$stock_group"
done

###turn off the ctrl+alt+delete###
# Comment out every inittab line that starts with "ca", which is how the
# Ctrl+Alt+Delete handler is switched off here.
sed -i 's/^ca/#ca/g' /etc/inittab

# Set the immutable attribute so the files cannot be modified, even by root,
# until it is cleared with chattr -i.
# NOTE(review): while /etc/passwd and /etc/shadow are immutable, useradd,
# userdel and passwd fail, including password changes; a second run of this
# script would also fail at its account and inittab steps.
for locked_file in /etc/passwd /etc/inittab /etc/shadow; do
  chattr +i "$locked_file"
done
